CP-ABE scheme supporting partially hidden access policy

LIU Xia; WANG Xinzu; ZHANG Tao; CHEN Yingge; WANG Rong; FENG Chaosheng; QIN Zhiguang

doi:10.11959/j.issn.1000-436x.2024179

您当前的位置：

首页 >

文章列表页 >

CP-ABE scheme supporting partially hidden access policy

Papers | 更新时间：2024-11-14

- CP-ABE scheme supporting partially hidden access policy
- Journal on Communications Vol. 45, Issue 10, Pages: 180-190(2024)
- 作者机构：
  
  1.四川师范大学计算机科学学院，四川成都 610101
  2.成都东软学院数字艺术与设计学院，四川成都 611844
  3.电子科技大学网络与数据安全四川省重点实验室，四川成都 610054
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(61373163);The Natural Science Foundation of Sichuan Province(2022NSFSC0552;2023NSFSC1397)
- DOI：10.11959/j.issn.1000-436x.2024179
  CLC： TP309
- Received：26 April 2024，
  
  Revised：2024-09-24，
  
  Published：25 October 2024
- 稿件说明：
移动端阅览
刘霞,王馨族,张涛等.支持访问策略部分隐藏的CP-ABE方案[J].通信学报,2024,45(10):180-190.

LIU Xia,WANG Xinzu,ZHANG Tao,et al.CP-ABE scheme supporting partially hidden access policy[J].Journal on Communications,2024,45(10):180-190.
刘霞,王馨族,张涛等.支持访问策略部分隐藏的CP-ABE方案[J].通信学报,2024,45(10):180-190. DOI： 10.11959/j.issn.1000-436x.2024179.

LIU Xia,WANG Xinzu,ZHANG Tao,et al.CP-ABE scheme supporting partially hidden access policy[J].Journal on Communications,2024,45(10):180-190. DOI： 10.11959/j.issn.1000-436x.2024179.

摘要

针对现有支持外包解密的基于密文策略的属性加密（CP-ABE）方案大多未考虑对密文访问策略的隐私保护，而部分支持策略隐藏的方案又存在访问策略匹配效率低的问题，提出一种支持访问策略隐藏且访问策略匹配效率较高的CP-ABE方案。该方案对属性值进行盲化处理并构造隐藏策略访问树，实现了访问策略的隐私保护；采用布隆过滤器对属性进行过滤与成员认证，从而快速找到满足访问策略的最小属性集，减少解密测试中的大量无效计算；利用强算力的云服务器进行外包计算，减少本地的解密开销。理论分析和实验结果分析均表明，所提方案可兼顾计算效率与策略隐私保护，访问策略匹配效率和加解密速度显著提升，本地解密时间被减少至常数级。安全性分析表明，所提方案不仅保护了外包访问策略的隐私性，还能抵御选择明文攻击。

Abstract

Most of the existing ciphertext-policy attribute-based encryption (CP-ABE) schemes that support outsourced decryption do not consider the privacy protection of the ciphertext access policy

while some schemes that support policy hidden have the problem of low access policy matching efficiency. Therefore

a CP-ABE scheme was proposed that supported access policy hidden and had high efficiency in access policy matching. In this scheme

the attribute values were blinded and a policy hidden access tree was constructed to realize the privacy protection of the access policy. Bloom filter was used to filter attributes and authenticate members

so as to quickly find the minimum set of attributes that meet the access policy and reduce a large number of invalid calculations in the decryption test. Finally

cloud servers with strong computing power for outsourced computing were used to reduce local decryption costs. Theoretical analysis and experimental results show that the proposed scheme can take into account both computational efficiency and policy privacy protection

significantly improving access policy matching efficiency

encryption and decryption speed

and local decryption time is reduced to a constant level. Security analysis demonstrates that the proposed scheme not only protects the privacy of outsourced access policies but also can resist chosen plaintext attacks.

关键词

Keywords

references

BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [C ] // Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP '07) . Piscataway : IEEE Press , 2007 : 321 - 334 .

WATERS B . Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization [C ] // International Workshop on Public Key Cryptography . Berlin : Springer , 2011 : 53 - 70 .

FENG C S , YU K P , ALOQAILY M , et al . Attribute-based encryption with parallel outsourced decryption for edge intelligent IoV [J ] . IEEE Transactions on Vehicular Technology , 2020 , 69 ( 11 ): 13784 - 13795 .

LI H , YU K P , LIU B , et al . An efficient ciphertext-policy weighted attribute-based encryption for the Internet of health things [J ] . IEEE Journal of Biomedical and Health Informatics , 2022 , 26 ( 5 ): 1949 - 1960 .

LI Q , ZHANG Q Q , HUANG H P , et al . Secure, efficient, and weighted access control for cloud-assisted industrial IoT [J ] . IEEE Internet of Things Journal , 2022 , 9 ( 18 ): 16917 - 16927 .

GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts [C ] // Proceedings of the 20th USENIX Security Symposium . Berkeley : USENIX Association , 2011 : 523 - 538 .

SANCHOL P , FUGKEAW S , SATO H . A mobile cloud-based access control with efficiently outsourced decryption [C ] // Proceedings of the 2022 10th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud) . Piscataway : IEEE Press , 2022 : 1 - 8 .

TU S S , HUANG F M , ZHANG S J , et al . Ciphertext-policy attribute-based encryption for securing IoT devices in fog computing [C ] // Proceedings of the 2022 International Conference on Computer, Information and Telecommunication Systems (CITS) . Piscataway : IEEE Press , 2022 : 1 - 7 .

HWANG Y W , LEE I Y . A study on CP-ABE based data sharing system that provides signature-based verifiable outsourcing [C ] // Proceedings of the 2021 International Conference on Advanced Enterprise Information System (AEIS) . Piscataway : IEEE Press , 2021 : 1 - 5 .

LIU X J , CHEN W , XIA Y J , et al . SE-VFC: secure and efficient outsourcing computing in vehicular fog computing [J ] . IEEE Transactions on Network and Service Management , 2021 , 18 ( 3 ): 3389 - 3399 .

WANG H Q , HE D B , HAN J G . VOD-ADAC: anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud [J ] . IEEE Transactions on Services Computing , 2020 , 13 ( 3 ): 572 - 583 .

NISHIDE T , YONEYAMA K , OHTA K . Attribute-based encrypttion with partially hidden encryptor-specified access structures [C ] // International Conference on Applied Cryptography & Network Security . Berlin : Springer , 2008 : 111 - 129 .

LAI J Z , DENG R H , LI Y J . Expressive CP-ABE with partially hidden access structures [C ] // Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security . New York : ACM Press , 2012 : 146 - 162 .

HAN D Z , PAN N N , LI K C . A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection [J ] . IEEE Transactions on Dependable and Secure Computing , 2022 , 19 ( 1 ): 316 - 327 .

ZHANG Y H , ZHENG D , DENG R H . Security and privacy in smart health: efficient policy-hiding attribute-based access control [J ] . IEEE Internet of Things Journal , 2018 , 5 ( 3 ): 2130 - 2145 .

ZHANG Z S , ZHANG W , QIN Z G . A partially hidden policy CP-ABE scheme against attribute values guessing attacks with online privacy- protective decryption testing in IoT assisted cloud computing [J ] . Future Generation Computer Systems , 2021 , 123 : 181 - 195 .

NASIRAEE H , ASHOURI-TALOUKI M . Privacy-preserving distributed data access control for CloudIoT [J ] . IEEE Transactions on Dependable and Secure Computing , 2022 , 19 ( 4 ): 2476 - 2487 .

ZHANG W , ZHANG Z S , XIONG H , et al . PHAS-HEKR-CP-ABE: partially policy-hidden CP-ABE with highly efficient key revocation in cloud data sharing system [J ] . Journal of Ambient Intelligence and Humanized Computing , 2022 , 13 ( 1 ): 613 - 627 .

MAHDAVIOLIAEE M , AHMADIAN Z . Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits [J ] . Journal of Computer Virology and Hacking Techniques , 2023 , 19 ( 4 ): 515 - 528 .

Views

1255

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Fine-grained model capability access control mechanism based on machine unlearning

Industrial OT network access authorization traceability method based on balanced Merkle tree

Attribute-based bilateral access control scheme for cloud storage

Identity-based puncturable signature scheme

Attribute-based revocable collaborative access control scheme

Related Author

Du Haohua

Wang Zhiqiang

Xu Shengwei

Yue Ziyan

YANG Chao

YANG Xinghui

KANG Yongping

FENG Tao

Related Institution

School of Cyber Science and Technology, Beihang University

School of Cyber Science and Technology, University of Science and Technology of China

Department of Cryptography and Science Technology, Beijing Electronic Science and Technology Institute

School of Cyberspace Security, Beijing University of Posts and Telecommunications

School of Mechanical and Electrical Engineering, Lanzhou University of Technology

AI问答

⁰